Tk Product Launch Os

Security checks across malware telemetry and agentic risk

Overview

This is a TikTok ecommerce planning skill with no executable code or hidden behavior, though its activation keywords are broad enough that users should invoke it only for relevant product-launch work.

Install this only if you want a structured TikTok product-launch and video-production assistant. Keep any sales data, account names, supplier details, and performance records in locations you control, and invoke the skill in a clear TikTok ecommerce context to avoid accidental activation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger conditions are broad enough to match very common terms such as "TK," "TikTok," and generic commerce/video-production phrases, which can cause unintended activation outside the skill’s narrow intended scope. Over-triggering is dangerous because it may hijack unrelated conversations, inject domain-specific instructions when not requested, and reduce the reliability and safety of skill routing.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal